Keeping business emails safe

7th June 2016

Every day SMEs transmit business information via email. Whether it's sales orders, customer correspondance, supplier information, or internal discussions, the details of these conversations are private and organisations must take sensible precautions to make sure nothing falls into the wrong hands.

According to an IBM survey the total cost to the business sector of online data breaches was more than £2.5 million. (http://www-03.ibm.com/security/data-breach/), demonstrating how the risks of losing confidential business details can have catastrophic financial implications.

UK businesses also have legal obligations to protect the customer data they hold and must take necessary action to securely transmit electronic information.

Under the Data Protection Act, organisations must handle customers’ personal data with appropriate care. This is especially important in financial services, law and healthcare. Businesses and public bodies in these and other fields should not transmit sensitive data via unsecured and unencrypted emails.FindLaw UK

Protect your email

Given the cost and legal implications, it's essential businesses do all they can to secure their email services. The level of protection needed depends on the level of protection required.

Basic email security

Starting with the basics, every company should be keeping to the following best-practice:

Store all emails on encrypted servers — This prevents hackers from gathering information directly from an email server as any records they find are unreadable without the details of how to decrypt them.

Keep to strong passwords — The weaker a password, the easier it is for someone to guess, or work out using a 'brute-force attack'. Strong passwords are longer, include numbers, and mix upper and lower-case lettering.

Regularly change passwords — Every employee should be tasked with changing their password on a regular basis. The schedule is up to the business owner / IT manager, but certainly at least every 90 days.

Filtering emails

Many email security problems stem from users receiving viruses, spam, or phishing emails (which are designed to make the receiver input their username and password in online forms) which then infect their computers, and spread across the office network.

An email filtering service prevents these types of attack by checking every incoming, and outgoing message and stopping potentially dangerous messages from reaching the inbox. When choosing a suitable email filtering service a business should look for:

Real-time updates — When new viruses, or spam messages, are identified the filtering is automatically updated.

Scheduled reporting — Users, or IT admins, receive notifications of what messages were stopped, and can release any known to be 'false-positives'.

Flexible filters — All businesses are different and what may be spam to one may not be a problem for another. Being able to alter filters to match individual needs is essential.

SMS offer a world-class email filtering service, called FutureSpam, which protects your business email for less than 26p a day.

Email content encryption

For organisations which pass sensitive details using email for example customer records, contracts, or confidential information. Should these emails fall into the wrong hands it would be at the very least embarrassing and at worst damaging to the business.

The solution is to control the contents of emails, and who is able to read them. A strong email encryption service provides:

End-to-end encryption — The email contents are encrypted in the user's email apps so even if someone accesses a mailbox they can't see the details.

Control over who receives a message — The sender can revoke access to a message, or remotely delete the contents.

Tracking — The sender can see who opened the email and when.

When someone receives a secure message they are directed to a website. Once they have confirmed their identity the email contents are displayed. This means a businesses always knows who has seen a message and can be sure it hasn't been forwarded to others.